Microsoft Windows Server 2008, Server Administrator - 070-646 Exam Questions
QUESTION NO: 1
Baldwin Museum of Science
You need to recommend an administrative solution for the help desk technicians that meets the museum's technical requirements.
What should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
The Baldwin Museum of Science is an internationally renowned museum of science history.
Physical Location
The museum has a main office and a branch office named Branch1. The main office has 5,000 users. Branch1 has 1,000 users.
The main office connects to Branch1 by using a WAN link. The WAN link is highly saturated.
The museum has a sales department. All of the users in the sales department have client computers that run Windows XP Service Pack 3 (SP3).
EXISTING ENVIRONMENT Active Directory Environment
The network contains one Active Directory forest. The forest contains two domains named baldwinmuseumofscience.com and ad.baldwinmuseumofscience.com.
All user accounts and computer accounts for all employees are in the ad.baldwinmuseumofscience.com domain. The organizational unit (OU) structure for ad.baldwinmuseumofscience.com is shown:
Network Infrastructure
The network contains the following servers and Applications: Application servers that run either Windows Server 2003 Service Pack 2 (SP2), Windows Server 2008 SP2, or Windows Server 2008 R2.
A custom Application named App1 that runs on all of the Application servers. App1 writes events to the Application log.
A line-of-business Application named App2 that requires Internet Explorer 6. All of the users in the sales department run App2.
File servers that run Windows Server 2008 R2. The main office has the following:
A two-node failover cluster that runs Windows Server 2008 R2 and has the Hyper-V role installed and a Clustered Shared Volume. The failover cluster hosts four virtual machines (VM) that run Windows
Server 2008 R2. The VMs are stored on the Clustered Shared Volume. Each VM runs Microsoft SQL Server 2008.
A server named Server1 that hosts two shared folders named Share1 and Share2. Share1 hosts 50,000 research documents that are shared by multiple users. Share2 hosts documents that are created by users in the sales department.
Administration Model
All users in Branch1 are members of global groups and universal groups. The groups are located in an OU named Groups in the ad.baldwinmuseumofscience.com domain.
REQUIREMENTS Planned Changes
The Baldwin Museum of Science plans to implement a new branch office named Branch2.
Branch2 will be configured as a separate Active Directory site.
Branch2 will be configured to meet the following requirements:
Minimize the cost of deploying new servers.
Contain only client computers that run Windows 7.
Connect to the main office by using a saturated WAN link.
Contain only servers that run Windows Server 2008 R2. The servers will be configured as either file
servers or Web servers. The file shares on the file servers must be available if a single file server fails. In Branch2, if a single domain controller or a WAN link fails, users in the branch must be able to:
Change their passwords.
Log on to their client computers.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
Hardware and software costs must be minimized whenever possible.
All VMs must be backed up twice a day.
All VM backups must include the VM configuration information.
Events generated by App1 must be stored in a central location.
An administrator must be notified by e-mail when App1 generates an error.
The number of permissions assigned to help desk technicians must be minimized.
The help desk technicians must be able to reset the passwords and modify the membership of all users in Branch1.
If a user overwrites another user's research document, the user must be able to recover a previous version of the document.
When users in the sales department work remotely, they must be able to access the files in Share1 in the minimum amount of time.
Security
The Baldwin Museum of Science must meet the following security requirements:
All scripts that run on production servers must be signed.
Managers in Branch1 must be allowed to access the Internet at all times.
Web site administrators must not be required to log on interactively to Web servers.
Users in Branch1 must only be allowed to access the Internet between 12:00 and 13:00.
Users and managers must be prevented from downloading executable files from the Internet.
Administration of the corporate Web sites must support all bulk changes and scheduled content
updates.
Baldwin Museum of Science
You need to recommend an administrative solution for the help desk technicians that meets the museum's technical requirements.
What should you recommend?
Case Study Title (Case Study): COMPANY OVERVIEW
The Baldwin Museum of Science is an internationally renowned museum of science history.
Physical Location
The museum has a main office and a branch office named Branch1. The main office has 5,000 users. Branch1 has 1,000 users.
The main office connects to Branch1 by using a WAN link. The WAN link is highly saturated.
The museum has a sales department. All of the users in the sales department have client computers that run Windows XP Service Pack 3 (SP3).
EXISTING ENVIRONMENT Active Directory Environment
The network contains one Active Directory forest. The forest contains two domains named baldwinmuseumofscience.com and ad.baldwinmuseumofscience.com.
All user accounts and computer accounts for all employees are in the ad.baldwinmuseumofscience.com domain. The organizational unit (OU) structure for ad.baldwinmuseumofscience.com is shown:
Network Infrastructure
The network contains the following servers and Applications: Application servers that run either Windows Server 2003 Service Pack 2 (SP2), Windows Server 2008 SP2, or Windows Server 2008 R2.
A custom Application named App1 that runs on all of the Application servers. App1 writes events to the Application log.
A line-of-business Application named App2 that requires Internet Explorer 6. All of the users in the sales department run App2.
File servers that run Windows Server 2008 R2. The main office has the following:
A two-node failover cluster that runs Windows Server 2008 R2 and has the Hyper-V role installed and a Clustered Shared Volume. The failover cluster hosts four virtual machines (VM) that run Windows
Server 2008 R2. The VMs are stored on the Clustered Shared Volume. Each VM runs Microsoft SQL Server 2008.
A server named Server1 that hosts two shared folders named Share1 and Share2. Share1 hosts 50,000 research documents that are shared by multiple users. Share2 hosts documents that are created by users in the sales department.
Administration Model
All users in Branch1 are members of global groups and universal groups. The groups are located in an OU named Groups in the ad.baldwinmuseumofscience.com domain.
REQUIREMENTS Planned Changes
The Baldwin Museum of Science plans to implement a new branch office named Branch2.
Branch2 will be configured as a separate Active Directory site.
Branch2 will be configured to meet the following requirements:
Minimize the cost of deploying new servers.
Contain only client computers that run Windows 7.
Connect to the main office by using a saturated WAN link.
Contain only servers that run Windows Server 2008 R2. The servers will be configured as either file
servers or Web servers. The file shares on the file servers must be available if a single file server fails. In Branch2, if a single domain controller or a WAN link fails, users in the branch must be able to:
Change their passwords.
Log on to their client computers.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
Hardware and software costs must be minimized whenever possible.
All VMs must be backed up twice a day.
All VM backups must include the VM configuration information.
Events generated by App1 must be stored in a central location.
An administrator must be notified by e-mail when App1 generates an error.
The number of permissions assigned to help desk technicians must be minimized.
The help desk technicians must be able to reset the passwords and modify the membership of all users in Branch1.
If a user overwrites another user's research document, the user must be able to recover a previous version of the document.
When users in the sales department work remotely, they must be able to access the files in Share1 in the minimum amount of time.
Security
The Baldwin Museum of Science must meet the following security requirements:
All scripts that run on production servers must be signed.
Managers in Branch1 must be allowed to access the Internet at all times.
Web site administrators must not be required to log on interactively to Web servers.
Users in Branch1 must only be allowed to access the Internet between 12:00 and 13:00.
Users and managers must be prevented from downloading executable files from the Internet.
Administration of the corporate Web sites must support all bulk changes and scheduled content
updates.
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 2
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
There are five servers that run Windows Server 2003 SP2. The Windows Server 2003 SP2 servers have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006. All client computers run Windows 7.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
Minimizes the number of open ports on the firewall server.
Encrypts all remote connections to the Remote Desktop Services servers.
Prevents network access to client computers that have Windows Firewall disabled. What should you do?
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.
There are five servers that run Windows Server 2003 SP2. The Windows Server 2003 SP2 servers have the Terminal Server component installed. A firewall server runs Microsoft Internet Security and Acceleration (ISA) Server 2006. All client computers run Windows 7.
You plan to give remote users access to the Remote Desktop Services servers.
You need to create a remote access strategy for the Remote Desktop Services servers that meets the following requirements:
Minimizes the number of open ports on the firewall server.
Encrypts all remote connections to the Remote Desktop Services servers.
Prevents network access to client computers that have Windows Firewall disabled. What should you do?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 3
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.All client computers run Windows 7.
All user accounts are stored in an organizational unit (OU) named Staff. All client computer accounts are stored in an OU named Clients.
You plan to deploy a new application.
You need to ensure that the application deployment meets the following requirements:
Users must access the application from an icon on the Start menu.
The application must be available to remote users when they are offline. What should you do?
Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2.All client computers run Windows 7.
All user accounts are stored in an organizational unit (OU) named Staff. All client computer accounts are stored in an OU named Clients.
You plan to deploy a new application.
You need to ensure that the application deployment meets the following requirements:
Users must access the application from an icon on the Start menu.
The application must be available to remote users when they are offline. What should you do?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 4
Your company has Windows Server 2008 R2 file servers.
You need to recommend a data recovery strategy that meets the following requirements:
Backups must have a minimal impact on performance.
All data volumes on the file server must be backed up daily.
If a disk fails, the recovery strategy must allow individual files to be restored.
Users must be able to retrieve previous versions of files without the intervention of an administrator. What should you recommend?
Your company has Windows Server 2008 R2 file servers.
You need to recommend a data recovery strategy that meets the following requirements:
Backups must have a minimal impact on performance.
All data volumes on the file server must be backed up daily.
If a disk fails, the recovery strategy must allow individual files to be restored.
Users must be able to retrieve previous versions of files without the intervention of an administrator. What should you recommend?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 5
Testlet: Northwind Traders
You need to recommend a solution for monitoring the servers. The solution must meet the company's technical requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW
Northwind Traders is an import/export company that has a main office and two branch offices. The main office is located in Toronto. The branch offices are located in Vancouver and Seattle. The main office has 2,000 users. Each branch office has 500 users.
EXISTING ENVIRONMENT
All client computers run Windows 7 Enterprise. All servers run Windows Server 2008 R2. All new servers are deployed by using Windows Deployment Services (WDS).
Northwind Traders has multiple Hyper-V servers. The Hyper-V servers are managed by using Microsoft System Center Virtual Machine Manager (VMM).
The perimeter network contains a standalone server. The server has the Active Directory Lightweight Directory Service (AD LDS) service role installed. AD LDS is administered on the server by using the Active Directory module for Windows PowerShell.
All virtual machines (VMs) access iSCSI-based storage by using a Microsoft iSCSI Initiator installed on the VM.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named northwindtraders.com.
The forest contains five Remote Desktop servers. All Remote Desktop servers are in an organizational unit (OU) named RD Servers.
TECHNICAL REQUIREMENTS
Northwind Traders must meet the following technical requirements:
Minimize server downtime.
Ensure that you can recover all of the data hosted on the VMs.
Ensure that you can perform bare metal restores of the Hyper-V servers.
Minimize the number of times a server restarts when it is deployed.
Monitor the CPU utilization, memory utilization, and disk utilization of all the servers to analyze
performance trends.
Ensure that a specific set of Group Policy settings are applied to users who use Remote Desktop to connect to the Remote Desktop servers. The settings must differ from those applied when the users log on locally to their own computers.
Copy a custom Microsoft Office Word dictionary to the computers in the legal department. Update the custom dictionary on a regular basis. Copy the updated version of the dictionary as soon as possible to the legal department computers.
Testlet: Northwind Traders
You need to recommend a solution for monitoring the servers. The solution must meet the company's technical requirements.
What should you include in the recommendation?
Case Study Title (Case Study): COMPANY OVERVIEW
Northwind Traders is an import/export company that has a main office and two branch offices. The main office is located in Toronto. The branch offices are located in Vancouver and Seattle. The main office has 2,000 users. Each branch office has 500 users.
EXISTING ENVIRONMENT
All client computers run Windows 7 Enterprise. All servers run Windows Server 2008 R2. All new servers are deployed by using Windows Deployment Services (WDS).
Northwind Traders has multiple Hyper-V servers. The Hyper-V servers are managed by using Microsoft System Center Virtual Machine Manager (VMM).
The perimeter network contains a standalone server. The server has the Active Directory Lightweight Directory Service (AD LDS) service role installed. AD LDS is administered on the server by using the Active Directory module for Windows PowerShell.
All virtual machines (VMs) access iSCSI-based storage by using a Microsoft iSCSI Initiator installed on the VM.
Existing Active Directory/Directory Services
The network contains a single Active Directory forest named northwindtraders.com.
The forest contains five Remote Desktop servers. All Remote Desktop servers are in an organizational unit (OU) named RD Servers.
TECHNICAL REQUIREMENTS
Northwind Traders must meet the following technical requirements:
Minimize server downtime.
Ensure that you can recover all of the data hosted on the VMs.
Ensure that you can perform bare metal restores of the Hyper-V servers.
Minimize the number of times a server restarts when it is deployed.
Monitor the CPU utilization, memory utilization, and disk utilization of all the servers to analyze
performance trends.
Ensure that a specific set of Group Policy settings are applied to users who use Remote Desktop to connect to the Remote Desktop servers. The settings must differ from those applied when the users log on locally to their own computers.
Copy a custom Microsoft Office Word dictionary to the computers in the legal department. Update the custom dictionary on a regular basis. Copy the updated version of the dictionary as soon as possible to the legal department computers.
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 6
A company has servers that run Windows Server 2008 R2.
You are designing a storage solution for the servers. The storage solution must meet the following requirements:
Allow the use of Fibre Channel (FC), Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces
for connectivity to storage arrays.
Support storage load balancing.
You need to ensure that the storage solution meets the requirements.
Which feature should you install?
To answer, select the appropriate feature in the answer area.
Point and Shoot:
A company has servers that run Windows Server 2008 R2.
You are designing a storage solution for the servers. The storage solution must meet the following requirements:
Allow the use of Fibre Channel (FC), Internet SCSI (iSCSI), and Serial Attached SCSI (SAS) interfaces
for connectivity to storage arrays.
Support storage load balancing.
You need to ensure that the storage solution meets the requirements.
Which feature should you install?
To answer, select the appropriate feature in the answer area.
Point and Shoot:
Correct Answer:
Explanation/Reference: MULTIPATH INPUT/OUTPUT
Multipath I/O (MPIO) is a feature that provides support for using multiple data paths to a storage device. Multipathing increases the availability of storage resources by providing path failover from a server or cluster to a storage subsystem.MPIO feature should be installed on a server if it will access a logical unit number (LUN) through multiple Fibre Channel ports or multiple iSCSI initiator adapters.
http://technet.microsoft.com/en-us/library/cc770294.aspx
QUESTION NO: 7
Your company has a main office and three branch offices. The network consists of a single Active Directory domain. Each office contains an Active Directory domain controller.
You need to create a DNS infrastructure for the network that meets the following requirements:
The DNS infrastructure must allow the client computers in each office to register DNS names within their respective offices.
The client computers must be able to resolve names for hosts in all offices. What should you do?
Your company has a main office and three branch offices. The network consists of a single Active Directory domain. Each office contains an Active Directory domain controller.
You need to create a DNS infrastructure for the network that meets the following requirements:
The DNS infrastructure must allow the client computers in each office to register DNS names within their respective offices.
The client computers must be able to resolve names for hosts in all offices. What should you do?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 8
Testlet: Woodgrove Bank
You need to recommend changes to the DFS infrastructure that meet the company's technical requirements.
What should you recommend implementing in each branch office? (Each correct answer presents part of the solution. Choose two.)
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Woodgrove Bank is an international financial organization.
Physical Location
The company has a main office and multiple branch offices.
EXISTING ENVIRONMENT Active Directory Environment
The network contains one Active Directory forest. A separate domain exists for each office.
Network Infrastructure
All offices have domain controllers that are configured as DNS servers. All client computers are configured to connect to the DNS servers in their respective office only.
The main office has the following servers and client computers:
One Windows Server Update Services (WSUS) server.
Client computers that run either Windows XP Service Pack 3 (SP3) or Windows 7.
Ten file servers host multiple shared folders. The file servers run either Windows Server 2003 or
Windows Server 2008 R2.
One domain-based Distributed File System (DFS) namespace that has two replicas. The DFS servers
run Windows Server 2008 R2. The DFS namespace is configured to use Windows 2000 Server mode. Each branch office has a WAN link to the main office. The WAN links are highly saturated. Each office has a dedicated high-speed Internet connection.
All of the client computers in the branch offices run Windows 7.
User Problems
Users report that it is difficult to find the shared folders on the network.
REQUIREMENTS Planned Changes
Woodgrove Bank plans to implement the following changes:
Deploy a new application named App1 on each client computer. App1 has a Windows Installer package and is compatible with Windows XP, Windows Vista, and Windows 7.
Designate a user in each office to manage the address information of the user accounts in that office.
Deploy a new branch office named Branch22 that has the following servers: One file server named Server1 & Two domain controllers named DC10 and DC11 that are configured as DNS servers.
Technical Requirements
Woodgrove Bank must meet the following technical requirements:
Minimize hardware and software costs, whenever possible.
Encrypt all DNS replication traffic between the DNS servers.
Ensure that users in the branch offices can access the DFS targets if a WAN link fails.
Ensure that users can only view the list of DFS targets to which they are assigned permissions.
Minimize the amount of network traffic between the main office and the branch offices, whenever possible.
Minimize the amount of name resolution traffic from the branch offices to the DNS servers in the main office.
Ensure that the administrators in the main office manage all Windows update approvals and all
computer groups.
Manage all of the share permissions and the folder permissions for the file servers from a single
management console.
Ensure that if a file on a file server is deleted accidentally, users can revert to a previous version of the file without administrator intervention.
Ensure that administrators are notified by e-mail each time a user successfully copies a file that has an .avi extension to one of the file servers.
Security Requirements
Woodgrove Bank must meet the following security requirements:
Access rights and user rights must be minimized.
The Guest account must be disabled on all servers.
Internet Information Services (IIS) must only be installed on authorized servers.
Testlet: Woodgrove Bank
You need to recommend changes to the DFS infrastructure that meet the company's technical requirements.
What should you recommend implementing in each branch office? (Each correct answer presents part of the solution. Choose two.)
Case Study Title (Case Study): COMPANY OVERVIEW Overview
Woodgrove Bank is an international financial organization.
Physical Location
The company has a main office and multiple branch offices.
EXISTING ENVIRONMENT Active Directory Environment
The network contains one Active Directory forest. A separate domain exists for each office.
Network Infrastructure
All offices have domain controllers that are configured as DNS servers. All client computers are configured to connect to the DNS servers in their respective office only.
The main office has the following servers and client computers:
One Windows Server Update Services (WSUS) server.
Client computers that run either Windows XP Service Pack 3 (SP3) or Windows 7.
Ten file servers host multiple shared folders. The file servers run either Windows Server 2003 or
Windows Server 2008 R2.
One domain-based Distributed File System (DFS) namespace that has two replicas. The DFS servers
run Windows Server 2008 R2. The DFS namespace is configured to use Windows 2000 Server mode. Each branch office has a WAN link to the main office. The WAN links are highly saturated. Each office has a dedicated high-speed Internet connection.
All of the client computers in the branch offices run Windows 7.
User Problems
Users report that it is difficult to find the shared folders on the network.
REQUIREMENTS Planned Changes
Woodgrove Bank plans to implement the following changes:
Deploy a new application named App1 on each client computer. App1 has a Windows Installer package and is compatible with Windows XP, Windows Vista, and Windows 7.
Designate a user in each office to manage the address information of the user accounts in that office.
Deploy a new branch office named Branch22 that has the following servers: One file server named Server1 & Two domain controllers named DC10 and DC11 that are configured as DNS servers.
Technical Requirements
Woodgrove Bank must meet the following technical requirements:
Minimize hardware and software costs, whenever possible.
Encrypt all DNS replication traffic between the DNS servers.
Ensure that users in the branch offices can access the DFS targets if a WAN link fails.
Ensure that users can only view the list of DFS targets to which they are assigned permissions.
Minimize the amount of network traffic between the main office and the branch offices, whenever possible.
Minimize the amount of name resolution traffic from the branch offices to the DNS servers in the main office.
Ensure that the administrators in the main office manage all Windows update approvals and all
computer groups.
Manage all of the share permissions and the folder permissions for the file servers from a single
management console.
Ensure that if a file on a file server is deleted accidentally, users can revert to a previous version of the file without administrator intervention.
Ensure that administrators are notified by e-mail each time a user successfully copies a file that has an .avi extension to one of the file servers.
Security Requirements
Woodgrove Bank must meet the following security requirements:
Access rights and user rights must be minimized.
The Guest account must be disabled on all servers.
Internet Information Services (IIS) must only be installed on authorized servers.
Correct Answer: C,D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 9
Testlet: Tailspin Toys
Explanation
Explanation/Reference:
You need to recommend a solution that meets the following requirements:
Log access to all shared folders on TT-FILE02.
Minimize administrative effort.
Ensure that further administrative action is not required when new shared folders are added to TTFILE02.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)
CASE SCENARIO General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:
The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics:
All servers are joined to the tailspintoys.com domain.
In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10
development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
Select and Place:
Testlet: Tailspin Toys
Explanation
Explanation/Reference:
You need to recommend a solution that meets the following requirements:
Log access to all shared folders on TT-FILE02.
Minimize administrative effort.
Ensure that further administrative action is not required when new shared folders are added to TTFILE02.
Which actions should you perform in sequence?
To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. (Use only actions that apply.)
CASE SCENARIO General Background
You are the Windows Server Administrator for Tailspin Toys. Tailspin Toys has a main office and a manufacturing office.
Tailspin Toys recently acquired Wingtip Toys and is in the beginning stages of Merging the IT environments. Wingtip Toys has a main office and a sales office.
Technical Background
The companies use the network subnets indicated in the following table:
The Tailspin Toys network and the Wingtip Toys are connected by a point-to-point dedicated 45 Mbps circuit that terminates in the main offices.
The current Tailspin Toys server topology is shown in the following table:
The Tailspin Toys environment has the following characteristics:
All servers are joined to the tailspintoys.com domain.
In the Default Domain Policy, the Retain old events Group Policy setting is enabled.
An Active Directory security group named "Windows System Administrators" is used to control all files and folders on TT-PRINT01.
A Tailspin Toys administrator named Marx has been delegated rights to multiple Organizational Units (OUs) and object in the tailspintoys.com domain.
Tailspin Toys developers use Hyper-V Virtual Machines (VM's) for development. There are 10
development VM's named TT-DEV01 to TT-DEV20.
The current Wingtip Toys server topology is shown in the following table: All servers in the Wingtip Toys environment are joined to the wingtiptoys.com domain.
Infrastructure Services
You must ensure that the following infrastructure services requirements are met:
All domain zones must be stored as Active Directory-integrated zones.
Only DNS servers located in the Tailspin Toys main offices may communicate with the DNS servers at Wingtip Toys.
Only DNS servers located in the Wingtip Toys main offices may communicate with the DNS servers at Tailspin Toys
All tailspintoys.com resources must be resolved from the Wingtip Toys offices.
All wingtiptoys.com resources must be resolved from the Tailspin toys offices.
Certificates must be distributed automatically to all Tailspin Toys and Wingtip Toys computers.
Delegated Administration
You must ensure that the following delegated administration requirements are met: Tailspin Toys IT security administrators must be able to create, modify and delete user objects in the wingtip.com domain.
Members of the Domain Admins Group in the tailspintoys.com domain must have full access to the wingtiptoys.com Active Directory environment.
A delegation policy must grant minimum access rights and simplify the process of delegating rights.
Minimum permissions must always be delegated to ensure that the least privilege is granted for a job task.
Members of the TAILSPINTOYS\Helpdesk group must be able to update drivers and add printer ports on TT-PRINT01.
Members of the TAILSPINTOYS\Helpdesk group must not be able to cancel a print job on TT-PRINT01.
Tailspin Toys developers must be able to start, stop and apply snapshots to their development VM's.
IT Security
Server security must be automated to ensure that newly deployed servers automatically have the same security configurations as existing servers.
Auditing must be configured to ensure that the deletion of users objects and OUs is logged.
Microsoft Word and Microsoft Excel files must be automatically encrypted when uploaded to the
Confidential documents library on the Tailspin Toys Microsoft SharePoint site.
Multi factor authentication must control access to Tailspin Toys domain controllers.
All file and folder auditing must capture the reason for access.
All folder auditing must capture all delete actions for all existing folders and newly created folders.
New events must be written to the Security event log in the tailspintoys.com domain and retained
indefinitely.
Drive X:\ on the TT-FILE01 must be encrypted by using Windows BitLocker Drive Encryption and must be automatically unlock.
Select and Place:
Correct Answer:
QUESTION NO: 10
Testlet: Fabrikam Inc
http://technet.microsoft.com/en-us/library/cc749610%28WS.10%29.aspx
You need to recommend a file access solution for the Templates share.
Which two actions should you recommend? (Each correct answer presents part of the solution. Choose two.)
Case Study Title (Case Study): COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be configured to meet the following requirements:
The cluster will host eight virtual machines (VMs).
The cluster will consist of two nodes named Node1 and Node2.
The quorum mode for the cluster will be set to Node and Disk Majority.
A user named Admin1 will configure the virtual switch configuration of the VMs.
The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the following table.
The relevant sites for the network are configured shown in the following table.
The relevant group policy objects (GPOs) are configured as shown in the following table.
Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.
WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \ \fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the Internet.
Ensure that all client computers continue to receive updates from WSUS if a WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making offline copies of the
VM files. Fabrikam must meet the following requirements for the Templates share:
Ensure that users access the files in the Templates share from a server in their local site.
Ensure that users always use the same UNC path to access the Templates share, regardless of the site in which the users are located.
Testlet: Fabrikam Inc
http://technet.microsoft.com/en-us/library/cc749610%28WS.10%29.aspx
You need to recommend a file access solution for the Templates share.
Which two actions should you recommend? (Each correct answer presents part of the solution. Choose two.)
Case Study Title (Case Study): COMPANY OVERVIEW
Fabrikam Inc. is a manufacturing company that has a main office and a branch office.
PLANNED CHANGES
You plan to deploy a failover cluster named Cluster1 in the branch office. Cluster1 will be configured to meet the following requirements:
The cluster will host eight virtual machines (VMs).
The cluster will consist of two nodes named Node1 and Node2.
The quorum mode for the cluster will be set to Node and Disk Majority.
A user named Admin1 will configure the virtual switch configuration of the VMs.
The cluster nodes will use shared storage on an iSCSI Storage Area Network (SAN).
You plan to configure a VM named File2 as a file server. Users will store confidential files on File2.
You plan to deploy a Microsoft Forefront Threat Management Gateway (TMG) server in each site. The Forefront TMG server will be configured as a Web proxy.
EXISTING ENVIRONMENT
The research department is located in the branch office. Research users frequently travel to the main office.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named fabrikam.com. The functional level of the forest is Windows Server 2008.
The relevant organizational units (OUs) for the domain are configured as shown in the following table.
The relevant sites for the network are configured shown in the following table.
The relevant group policy objects (GPOs) are configured as shown in the following table.
Existing Network Infrastructure
All users run windows server 2008 R2. The relevant servers are configured as shown in following table.
WSUS2 is configured as a downstream replica server.
File1 contains a share named Templates. Users access the Templates share by using the path \ \fabrikam.com\dfs\templates.
File1 has the Distributed File System (DFS) Replication role service and the DFS Namespaces role service installed.
TECHNICAL REQUIREMENTS
Fabrikam must meet the following requirements:
Minimize the cost of IT purchases.
Minimize the potential attack surface on the servers.
Minimize the number of rights assigned to administrators.
Minimize the number of updates that must be installed on the servers.
Ensure that Internet Explorer uses the local ForeFront TMG server to connect to the Internet.
Ensure that all client computers continue to receive updates from WSUS if a WSUS server fails.
Prevent unauthorized users from accessing the data stored on the VMs by making offline copies of the
VM files. Fabrikam must meet the following requirements for the Templates share:
Ensure that users access the files in the Templates share from a server in their local site.
Ensure that users always use the same UNC path to access the Templates share, regardless of the site in which the users are located.
Correct Answer: B,C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
